/[pxelator]/lib/PXElator/syslogd.pm
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Contents of /lib/PXElator/syslogd.pm

Parent Directory Parent Directory | Revision Log Revision Log


Revision 238 - (show annotations)
Mon Aug 17 00:45:41 2009 UTC (13 years, 3 months ago) by dpavlin
File size: 1422 byte(s)
improve parsing of syslog messages
1 package syslogd;
2
3 use warnings;
4 use strict;
5
6 use IO::Socket;
7 use Data::Dump qw/dump/;
8 use CouchDB;
9
10 use server;
11
12 our $port = 514;
13 our $MAXLEN = 1524;
14
15 sub start {
16
17 my $sock = IO::Socket::INET->new(
18 LocalPort => $port,
19 Proto => 'udp',
20 ReuseAddr => 1,
21 ) || die "can't listen to $port: $!";
22
23 CouchDB::audit('start', { port => $port });
24
25 my $buf;
26 while(1) {
27 $sock->recv($buf, $MAXLEN);
28
29 next unless $buf;
30
31 my ($port, $ipaddr) = sockaddr_in($sock->peername);
32 my $log = {
33 ip => join('.', unpack('C4',$ipaddr)),
34 buf => $buf,
35 };
36
37 if ( $buf =~ s/<(\d+)>// ) {
38 $log->{pri} = $1 % 8;
39 $log->{facility} = ( $1 - $log->{pri} ) / 8;
40
41 $log->{timestamp} = $1 if $buf =~ s/^(\w\w\w\s+\d+\s+\d\d:\d\d:\d\d)\s*//; # strip timestamp which some syslog servers insert here
42
43 if ( $buf =~ s/^([^:]+)\s*:\s*// ) {
44 my $tag = $1;
45 if ( $tag =~ m{^(\S+)\s(\S+)} ) {
46 $log->{tag} = $2;
47 $log->{hostname} = $1;
48 } else {
49 $log->{tag} = $tag;
50 }
51
52 if ( $log->{tag} =~ s/\[(\d+)\]$// ) {
53 $log->{pid} = $1;
54 } elsif ( $buf =~ s/^(\d+):\s*// ) {
55 $log->{pid} = $1;
56 }
57 }
58
59 if ( $log->{tag} =~ m{CRON}i && $buf =~ m{^\((\w+)\) (.+) \((.+)\)$} ) {
60 $log->{cron} = {
61 user => $1,
62 command => $2,
63 argument => $3,
64 };
65 }
66
67 $log->{message} = $buf;
68 }
69
70 warn "log ",dump( $log );
71 CouchDB::audit( 'syslog', $log );
72
73 server->refresh;
74 }
75
76 }
77
78 1;

Properties

Name Value
svn:executable *

  ViewVC Help
Powered by ViewVC 1.1.26